Log Analytics Workspace - Regenerate Workspace keys - azure

I have a question that I can't find the answer to in MS Documentation in regards to the Log Analytics Workspace keys. Does anybody know if I go to the Agent Management for a Log Analytics Workspace and hit Regenerate for a key, does it affect the connection for existing agents that were onboarded using the old key (will machines that were onboarded previously be disconnected)? Or it will only affect future onboarding machines (meaning I cannot onboard using the old key)?
When I try to click on Regenerate, I get this message which is confusing a bit:
"This will nullify old keys, so after regenerating you'll need to update the keys in all agent instances and all other instances, like APIs, Logic Apps and Microsoft Flow"
If someone has any experience with this it would be so helpful!!

If we regenerate the Azure Log Analytics Workspace key, the old key will expire and all agent instances connecting to the workspace with the key will be disconnected.

Related

Is it recommended to create and use Azure key value while creating linked service for a storage container in ADF (OR) to use Managed Identity?

I am relatively new to learning ADF; while creating linked-service for 'blob' data store, with the default settings:
'using connection string' for authentication type, at the end of creation step, I got the following recommendation:
Linked service will be published immediately
As Data Factory cannot store credentials in a Git repository, this change will be published immediately.
This may cause issues on the Master branch and on published resources that depend on this linked service. To avoid immediately publish of linked services, we recommend using Azure Key Vault.
I have attached screenshot of the recommendation to this post.
My concern is, what should be the ideal approach?
Further, if I publish the created 'linked service' directly with connection string as authentication type, how do I use it to run and test the pipeline? As of now, I haven't run a pipeline yet; everything I have created so far, I did it in Git-Repository mode of ADF.
Would anyone please help me guide through the process and best practice?
Thank you for giving your valuable time and support.

In Azure it is best to leverage managed identity wherever possible rather than having credentials stored in key vault, as it adds another security and maintenance layer.

Azure Key-Vault Restore

I'm using Azure Key Vault, to store my encryption keys. After finishing my free trial, I did not update my subscription. So I lost everything. How can I restore all my keys?

After finishing the free trial, any products you’ve deployed will be decommissioned and you won’t be able to access them; your option is to upgrade it to a pay-as-you-go account.
See - https://azure.microsoft.com/en-us/free/free-account-faq/

Azure Functions trigger for when a new key version is created or expired Key Vault

I'm trying to see if it is possible to have a trigger setup within Azure Functions that will fire off when Key Vault has a new version of a key created. It doesn't seem that there is a supported trigger at the moment, but wanted to see if someone else has had this type of idea and might have some solution in mind.
The use case I had in mind was for an on-premise cache of keys and we wanted to set up an easy way to update/refresh the cache when key versions are created or expired so the data stays up to date.
Also, if this is a stupid idea, I'm open to suggestions of alternative ideas.

Azure Functions currently does not have support for Key Vault triggers. However, it seems that Key Vault has the ability to send activity logs to Event Hub and there is support for Event Hub triggers in Azure Functions. Not sure if this would work for your use-case and I am not familiar with the SIEM pipeline, but here are some references that may help:
https://learn.microsoft.com/en-us/azure/security/security-azure-log-integration-keyvault-eventhub
https://mitra.computa.asia/articles/msdn-integrate-azure-logs-streamed-event-hubs-siem
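
The filtering step that an Event Hub-triggered function would need for the cache-refresh use case above, as an added example that is not part of the original answer. It handles created or changed key versions only. The record layout (`records`, `category`, `operationName`, `properties.id`, `properties.httpStatusCode`), the operation names and the sample batch are assumptions and constructed data; check them against the log records your vault actually emits.

```python
import json

# Assumed operationName values that signal a new or changed key version.
REFRESH_OPS = {"KeyCreate", "KeyImport", "KeyUpdate"}

def keys_to_refresh(event_bodies):
    """Map key name -> most recent key identifier the cache should re-fetch."""
    latest = {}  # name -> (timestamp, key_id)
    for body in event_bodies:
        try:
            records = json.loads(body).get("records", [])
        except (ValueError, AttributeError):
            continue  # malformed message: skip it, do not stall the batch
        for rec in records:
            if rec.get("category") != "AuditEvent":
                continue
            if rec.get("operationName") not in REFRESH_OPS:
                continue  # reads such as KeyGet do not change the cache
            props = rec.get("properties") or {}
            if str(props.get("httpStatusCode")) != "200":
                continue  # denied or failed attempts must not trigger a refresh
            key_id = props.get("id", "")
            if "/keys/" not in key_id:
                continue
            name = key_id.split("/keys/", 1)[1].split("/")[0]
            stamp = rec.get("time", "")  # same-format UTC strings sort correctly
            if name not in latest or stamp > latest[name][0]:
                latest[name] = (stamp, key_id)
    return {name: key_id for name, (_, key_id) in latest.items()}

# Constructed sample batch (hypothetical vault and key names).
VAULT = "https://example-vault.vault.azure.net/keys/app-key/"
def _rec(time, op, status, version):
    return {"time": time, "category": "AuditEvent", "operationName": op,
            "properties": {"httpStatusCode": status, "id": VAULT + version}}

SAMPLE_BATCH = [
    json.dumps({"records": [
        _rec("2024-01-01T10:00:00Z", "KeyCreate", 200, "v1"),
        _rec("2024-01-01T10:05:00Z", "KeyGet", 200, "v1"),
        _rec("2024-01-01T10:10:00Z", "KeyCreate", 403, "v2"),
    ]}),
    "not json",
    json.dumps({"records": [_rec("2024-01-01T10:20:00Z", "KeyCreate", 200, "v3")]}),
]

if __name__ == "__main__":
    print(keys_to_refresh(SAMPLE_BATCH))
```

Dropping non-200 records keeps a denied `KeyCreate` attempt from forcing a cache refresh.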

Why are my primary and secondary DocumentDB keys not showing in the Azure portal?

I just created a new DocumentDB instance. When I go to the "Keys" area on the new Azure portal, I don't see a primary key or secondary key. My URI is listed. I tried to use the regenerate feature hoping that would create the keys, but no luck. Anyone else have this problem? How would I report this to Msft without a technical support subscription?

The account can take several minutes to provision, during which time the keys will not be available (since the account has finished creating). If, in the portal, you choose to Browse | DocumentDB accounts, you will see the status (creating, updating, online). Once your account is in an online state, the keys will be available. Can you ensure that the account is indeed in an online state and, if so, refresh your browser and see if the keys are available?

Azure notification hubs shared access key expiry

From the Azure Portal, on the Configure Tab for a notification hub I am able to generate a primary key and secondary key. I understand these are required to gain programmatic access to the Azure API - allowing my client app to create registrations and send messages.
Could anyone please explain:
Why are there two keys (primary and secondary)?
Do the keys generated from this UI expire and if so how long do they live before expiry?

They don't expire. The reason there are two is because it's recommended that you regenerate the keys periodically for security reasons. For example, suppose your application is using the primary key today. If you regenerated the primary key, then your application would be broken until you could update it, resulting in downtime. Instead, you can change your application to use the secondary key with basically little or no downtime. Then, after your application has been updated, you can regenerate the primary key. Next month (or whatever schedule you like), you can repeat the process, switching back to the primary key and regenerating the secondary key.
This is not unique to Notification Hubs. You will see primary and secondary keys in other services such as Storage and Media Services. The idea is the same.
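
The rotation order described in this answer, and the in-place regeneration asked about in the Log Analytics question at the top of the page, as an added example that is not from the original posts. `KeyedService` is a constructed in-memory stand-in, not an Azure API, and every name in it is hypothetical.

```python
import secrets

class KeyedService:
    """Constructed stand-in for a service that accepts two shared keys."""
    def __init__(self):
        self.keys = {"primary": secrets.token_hex(16),
                     "secondary": secrets.token_hex(16)}

    def regenerate(self, slot):
        # The old value of this slot stops working immediately.
        self.keys[slot] = secrets.token_hex(16)

    def authorize(self, presented):
        return any(secrets.compare_digest(presented, k)
                   for k in self.keys.values())

def rejected(service, clients):
    """Count clients whose configured key the service no longer accepts."""
    return sum(not service.authorize(c["key"]) for c in clients)

def regenerate_in_place(service, clients, active="primary"):
    """Regenerate the key every client is using; return how many break."""
    service.regenerate(active)
    return rejected(service, clients)

def staged_rotation(service, clients, active="primary"):
    """Move clients to the standby key, then regenerate the old one.
    Returns (rejections seen during the whole rotation, new active slot)."""
    standby = "secondary" if active == "primary" else "primary"
    failures = 0
    for client in clients:                      # roll out one client at a time
        client["key"] = service.keys[standby]
        failures += rejected(service, clients)  # both keys are still valid
    service.regenerate(active)                  # nobody presents it any more
    failures += rejected(service, clients)
    return failures, standby

if __name__ == "__main__":
    svc = KeyedService()
    fleet = [{"key": svc.keys["primary"]} for _ in range(3)]
    print("in place:", regenerate_in_place(svc, fleet), "clients rejected")
    svc = KeyedService()
    fleet = [{"key": svc.keys["primary"]} for _ in range(3)]
    print("staged:", staged_rotation(svc, fleet))
```

Calling `staged_rotation` again with the returned slot as `active` is the "next month" step: clients move back to the primary key and the secondary is regenerated.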
